Architecture
Where things live
- Credentials: your OS keyring (macOS Keychain, Windows Credential Manager, libsecret on Linux), encrypted at rest with Fernet. Never written to config files in plaintext, never transmitted to nable.
- Cost data: cached in a local SQLite database on your machine (Postgres in team mode, hosted by you). nable has no data lake; there is nothing of yours on our side to breach.
- License verification: offline. Keys are Ed25519-signed and verified against a public key bundled in the package. No license server, no phone-home check.
- The website and billing are the only nable-operated systems. They never see cloud credentials or cost data.
Cloud access is read-only
nable calls read APIs: Cost Explorer, Cost Management, billing exports, CloudWatch metrics, describe calls. One optional exception exists and is documented: logs:PutRetentionPolicy, used only if you ask nable to fix log groups with no retention policy. Destructive cleanup actions are disabled unless you explicitly set FINOPS_CLEANUP_ENABLED=true.
You do not have to trust this paragraph. Generate a least-privilege credential and verify it:
- finops setup aws --iam-template prints a scoped read-only CloudFormation policy
- finops setup aws --iam-terraform prints the same policy as Terraform
- finops setup aws --check-scope proves a credential has no write permissions
AI exposure, stated plainly
When you ask a question in Claude, Cursor or another MCP editor, the cost figures nable returns are sent to that editor's AI model to compose the answer, the same as anything else in the chat. nable itself sends nothing to any model. For zero model exposure, use the local dashboard or CLI, which never touch one. Enterprises routing AI through private endpoints (Bedrock, Azure OpenAI) keep that boundary too: nable does not change where your editor sends its context.
Telemetry
Anonymous usage telemetry is on by default and documented: a random install id, tool names, counts, version and plan tier. Never cost data, account ids, resource names or credentials. Disable with NABLE_NO_TELEMETRY=1, or set FINOPS_AIRGAP=1 to forbid all non-provider network traffic. CI environments are auto-excluded.
Team mode
- RBAC: viewer, analyst and admin roles with team scoping; API keys stored as SHA-256 hashes.
- SSO: OIDC with strict validation (algorithm allowlist, issuer, audience, expiry and CSRF state all enforced).
- Audit log: every tool call recorded with duration and outcome.
- Remediation approvals: drafted actions require an approval from a second person by default (analyst or above, 24-hour expiry, replay-proof).
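The strict OIDC validation listed under SSO, shown as an added example (not nable's code): an ID-token verifier that enforces an algorithm allowlist, issuer, audience and expiry, plus a constant-time CSRF state comparison. It assumes a constructed issuer, audience and HS256 shared secret so it runs stand-alone; a production verifier would check the provider's RS256/ES256 signatures against its JWKS instead.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example; a real deployment takes these from config
# and verifies asymmetric signatures against the provider's published JWKS.
ALLOWED_ALGS = {"HS256"}            # allowlist: "none" and unexpected algs are rejected
ISSUER = "https://idp.example.test"
AUDIENCE = "nable-team"
SECRET = b"constructed-shared-secret"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict, alg: str = "HS256") -> str:
    """Issuer side (test helper only): header.payload.signature."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(SECRET, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_id_token(token: str, now=None) -> dict:
    """Relying-party side: every check is mandatory; any failure raises ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    if header.get("alg") not in ALLOWED_ALGS:        # blocks alg=none and downgrade tricks
        raise ValueError(f"algorithm not allowed: {header.get('alg')!r}")
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")
    return claims

def check_state(stored: str, returned: str) -> bool:
    """CSRF state: constant-time comparison of the value set before the redirect."""
    return hmac.compare_digest(stored, returned)
```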
Supply chain
Releases publish to PyPI via GitHub Actions trusted publishing (OIDC, no long-lived tokens). The source is public and the package is what the repo builds. Dependency updates are monitored automatically.
Disclosure
Report vulnerabilities to hello@getnable.com. Acknowledgment within 48 hours, fixes for confirmed issues within 14 days. Disclosed issues are documented in the changelog: when the legacy v1 license signing secret appeared in public git history, the keypair was rotated within hours and v1 keys were permanently retired, documented in release notes rather than scrubbed.